lucastealer | c2c518b4b0f151045b3b1cba54b7b2a950763977d2db31299b98ad84756a784b

Sharing

Copy URL

Twitter E-mail

General

Target

BLToolsv2.9PRO.zip
Size

9.9MB
Sample

250207-ben5nsvldr
MD5

0e66465f74545dccadb38961898ac3d3
SHA1

57043bd36df6f2450487a1fe5feb77b33921010b
SHA256

c2c518b4b0f151045b3b1cba54b7b2a950763977d2db31299b98ad84756a784b
SHA512

86148eaf039a2534bea31f5c92cf730d28d0512e93f964f5fffc67fb1733e5b02c6798b8c42ced8057041f365a216762090030b48a36d6652a4cc58947836a58
SSDEEP

196608:Zc+RU9MniZdA3D0yBI6t+tnZRUQdNFX6KlJAGkG3GlluFWccrVk6:ZcEiZ6LBVt+FFDlvGlQFW3u6

Score

10^/10

Malware Config

Targets

- Target
  
  BLTools v2.9 [PRO]/AlphaFS.dll
- Size
  
  359KB
- MD5
  
  f2f6f6798d306d6d7df4267434b5c5f9
- SHA1
  
  23be62c4f33fc89563defa20e43453b7cdfc9d28
- SHA256
  
  837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
- SHA512
  
  1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
- SSDEEP
  
  6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score

1^/10
behavioral1 behavioral2
- Target
  
  BLTools v2.9 [PRO]/BLTools v2.9 [PRO].exe
- Size
  
  7.1MB
- MD5
  
  bef86c9792f7f8bc658ca1d1bce63c60
- SHA1
  
  d7d3fe3ae1e950cd4192d46a0bf6505ec3858689
- SHA256
  
  2ebfc2838c33ff2fc3547369bf0e8bcdfe41c245ede9241602f44afbf7c3cfdb
- SHA512
  
  6ec05fa9bd6ab5c8f1aaa323c81d9f8ae5905a9dba4c511a57c473f568fa551115442ac325547beaecb5c9813446689be37e0485a8fa78f03bf9e82386a93de7
- SSDEEP
  
  98304:LinmCgeyQbyt5fTQ7lN7jGb5XQueha05FK7Km53t/VXCRjwsRMJnq2ISUMRlEGy:L0/UVQ7D+b56ha07K7KettcVFcIG
Score

10^/10

vmprotect lucastealer credential_access spyware stealer
- Luca Stealer
  Info stealer written in Rust first seen in July 2022.
  stealer lucastealer
- Lucastealer family
  lucastealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4
- Target
  
  BLTools v2.9 [PRO]/CookiesCreator.exe
- Size
  
  180KB
- MD5
  
  e42b6aa3255c2a75ad2e05cd40fe7063
- SHA1
  
  bfb988a0eac4686ec396f45f87c35721634e7a74
- SHA256
  
  a0b162a146bcf19634559a88877c21fabb512fbed11834f82d2fa60e56f0faa6
- SHA512
  
  f4f189d908a3d79506d9e32eb1f59758ee3071ff71ecad1dd75b767fe9a47afb8349fc8c0165779c25506e27625fb0e7e78448ec5f7beca8aad79a4caa645f65
- SSDEEP
  
  3072:8Qntml5YABxfI+ieRR0bCRLKksV0BxfI+ien:k5BxQ+ieRuWPxQ+ie
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  BLTools v2.9 [PRO]/Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral7 behavioral8
- Target
  
  BLTools v2.9 [PRO]/License.dll
- Size
  
  5B
- MD5
  
  b08a5c34cf0a06615da2ca89010d8b4f
- SHA1
  
  626a77d86d9d12d1772f788cf67c8e77fd9f797a
- SHA256
  
  04cc5b3b49a7e9e9b6c66c7be59a20992bf2653746b5d43829c383fb233f88fa
- SHA512
  
  5dce742cd0f649461b08f8f8018e0fa39ef19e813a74a91f434a15754a4fa8be83096e8fa49cf1828ac011220b7ad3724e7e4ea9cce7937a3168169d8e561b2c
Score

1^/10
behavioral10 behavioral9
- Target
  
  BLTools v2.9 [PRO]/MaterialDesignColors.dll
- Size
  
  295KB
- MD5
  
  5c108c4da6d03f0fa2c3b4dc7890cb52
- SHA1
  
  48af67b6166068b6f138306bbd1157c7583c6e73
- SHA256
  
  b5ec30c93b1d2b4631ee2b178750ec92e302e2e331090ec9783981b9572354f8
- SHA512
  
  48d055610eead361809bd839c66ccdca1d5e0d9dffe15af9d15afa106ee7791c8b17acb91f2aba5cf3dda2997b049bcf70b43c3b56b8b01f1fc7bb845ce6c91b
- SSDEEP
  
  1536:wr1In+fq1fDfDemxD0EsXpGX0EOAcTtU7fKoVxbzQcV:G1WB1PerAjOAj7fKoVxb1V
Score

1^/10
behavioral11 behavioral12
- Target
  
  BLTools v2.9 [PRO]/MaterialDesignThemes.Wpf.dll
- Size
  
  9.1MB
- MD5
  
  824cbf63999f954aa1747f79586a4d3c
- SHA1
  
  5f1cd6346a45024bbbe09e304c12b6f6bf227d5c
- SHA256
  
  344e2cee979e979932f504dc76bd75e97ae1ff46caa3fe2795adfe0a866347f7
- SHA512
  
  d36149f7cb5ffc62dac6bb4521105d09fac988de567e181fdca4f23e5079aca5f4292e1d314f797f1a597263ddac0210060cb71c111565717e3a288a47770c51
- SSDEEP
  
  98304:PW8EOPXJDntBksKY+ND3WyA4+TLVei10vMzPv8/4C8B5XVS49Xzy83IiEcJMrCRM:PW8lnJ45/9iD54+V11bFv4z
Score

1^/10
behavioral13 behavioral14
- Target
  
  BLTools v2.9 [PRO]/Microsoft.Xaml.Behaviors.dll
- Size
  
  142KB
- MD5
  
  95f46f34c099421d917d5feadbb33edb
- SHA1
  
  3d1cb9cf59000012734901a35baeb3d9c1dd5db3
- SHA256
  
  8e77a1dd5e2df4d4af801376cc3428b082eb49fcb6e647b933967fae12ad9d5d
- SHA512
  
  c9c9f72980316c68ad2a8dbe2c6c563c0deddfc9e845674d0e2f5313a0ae285d60a755e2ca04164f78b37a36521259307b3eb7d43f5ec9a9de5507bda7e4c1b8
- SSDEEP
  
  3072:lN+EM1X0WlL9JAn11M1dXcGkOsizI35rCj8SIP:v+ll79in1h6
Score

1^/10
behavioral15 behavioral16
- Target
  
  BLTools v2.9 [PRO]/Ookii.Dialogs.Wpf.dll
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral17 behavioral18
- Target
  
  BLTools v2.9 [PRO]/Projects/Gumroad Balance.proj
- Size
  
  32KB
- MD5
  
  2b15988417f966f2224bff3e1710a95b
- SHA1
  
  cce9693168c034a6d769d25e2af9460299e46099
- SHA256
  
  468504c466e87256d7c23e1107b554030143a65155324ea1ca50d7ffcc7d93ba
- SHA512
  
  293c959ba203f25a5b831f5332381fd0a46e7c37a14502e71ef0be132caefeb96bda680aff79cb9b37bf17242ac77c30cb56c290681d9c13f41e91ec5cc75c2f
- SSDEEP
  
  768:pI7pGhyMIG8LOYuGscMo0RBCIg4SQh3VNE9hvrMUpC1bfFAeIC/mFj2Cvz51hyNj:pI7pq8aRa9hL0oTtyHp61d4ay
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  BLTools v2.9 [PRO]/Projects/t.py
- Size
  
  197B
- MD5
  
  d466828dc96429d33cf79378e7df5bc7
- SHA1
  
  7af5c310cf51f6d35fa10db7da4b6f027df1dfd6
- SHA256
  
  33d03833858548c5c447cd74cc285acce2cf9f09bf340f9013bfac80cf20c180
- SHA512
  
  c85d1fd1122b5594c928d0f178d8624e151dab871978f85790c7facf62d2b3c093932c500fe38bae5b72ea251c8000d4d783543b9978d8e85f0cd4b4d6cca4a6
Score

3^/10

discovery
behavioral21 behavioral22
- Target
  
  BLTools v2.9 [PRO]/Projects/zelenka.guru.proj
- Size
  
  663B
- MD5
  
  cc191d2a91e450075137763698b776e5
- SHA1
  
  a0b40e06adb9f0b769c655f9a358f9c61a7fbc6a
- SHA256
  
  ecd65971d908862ade582539d6baa34981c616964bd1f29bc4aea0e8cb20ef79
- SHA512
  
  a6fd13193ca85a4bba127f324de99764246f1f8d8eecd44a20b15389b5fb6fec8bfe21f8b288099dbb7916bc0b6c7086224d5f7a4c201e9ce21c2647b146a0b9
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  BLTools v2.9 [PRO]/Projects/zoosk.proj
- Size
  
  32KB
- MD5
  
  ea74ea32ead440d9b7eff231a5bfa38c
- SHA1
  
  0a93fe22008c7ca4339fb1279db4f3ca65c768f5
- SHA256
  
  0709de2480f0218b9db44d67a54d70a74afd89d49d4b2c5f6c16ad417e26bc5c
- SHA512
  
  837a3644051c635678d441c64c9b7b904f67dd8f99faf6f6e5d5ddeb2ae71768e8c863812eb6440a7509e45b23699c895c2ccfcbaddff0ce28e33c2a527e912d
- SSDEEP
  
  768:6I7pGhyMIG8LOYuGscMo0RBCIg4SQh3VNE9hvrMUpC1bfFAeIC/mFj2Cvz51hyN6:6I7pq8aRa9hL0oTtyHp61d4fy
Score

3^/10

execution
behavioral25 behavioral26

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Luca Stealer

Lucastealer family

Reads user/profile data of web browsers

Unsecured Credentials: Credentials In Files

VMProtect packed file

Accesses cryptocurrency files/wallets, possible credential harvesting

Enumerates connected drives

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26